CVE-2024-35122
LOWIBM i 7.2-7.5 - Unauthenticated Local Denial of Service via Referential Constraint Configuration
Title source: llmDescription
IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
patch
https://www.ibm.com/support/pages/node/7178317
Scores
CVSS v3
2.8
EPSS
0.0003
EPSS Percentile
7.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
Status
published
Products (4)
ibm/i
7.2
ibm/i
7.3
ibm/i
7.4
ibm/i
7.5
Published
Jan 24, 2025
Tracked Since
Feb 18, 2026